1 Introduction

Termination is a major question in both logic and computer science. In logic, termina- 
tion is at the heart of proof theory where it is usually called strong normalization (of cut 
elimination). In computer science, termination has always been an important issue for 
showing programs correct. In the early days of logic, strong normalization was usually 
shown by assigning ordinals to expressions in such a way that eliminating a cut would 
yield an expression with a smaller ordinal. In the early days of verification, computer 
scientists used similar ideas, interpreting the arguments of a program call by a natu- 
ral number, such as their size. Showing the size of the arguments to decrease for each 
recursive call gives a termination proof of the program, which is however rather weak 
since it can only yield quite small ordinals. In the sixties, Tait invented a new method 
for showing cut elimination of natural deduction, based on a predicate over the set of 
terms, such that the membership of an expression to the predicate implied the strong 
normalization property for that expression. The predicate being defined by induction on 
types, or even as a fixpoint, this method could yield much larger ordinals. Later
generalized by Girard under the name of reducibility or computability candidates, it
proved very effective in proving the strong normalization property of typed lambda-calculi
with polymorphic types, dependent types, inductive types, and finally a cumulative
hierarchy of universes. On the programming side, research on termination shifted from
programming to executable specification languages based on rewriting, and concentrated
on automatable methods based on the construction of well-founded orderings of
the set of terms. The milestone here is Dershowitz's recursive path ordering (RPO), in
the late seventies, whose well-foundedness proof is based on a powerful combinatorial 
argument, Kruskal's tree theorem, which also yields rather large ordinals. While the 
computability predicates must be defined for each particular case, and their properties 
proved by hand, the recursive path ordering can be effectively automated. 

These two methods are completely different. Computability arguments show termination,
that is, infinite decreasing sequences of expressions
$e_0 \succ e_1 \succ \dots e_n \succ e_{n+1} \dots$ do not exist. Kruskal-based arguments
show well-orderedness: for any infinite sequence of expressions $\{e_i\}_i$, there is a
pair $j < k$ such that $e_j \preceq e_k$. It is easy to see that well-orderedness implies
termination, but the converse is not true.

In the late eighties, a new question arose: termination of a simply-typed lambda-calculus
language in which beta-reduction would be supplemented with terminating
first-order rewrite rules. Breazu-Tannen and Gallier on the one hand [12], and Okada [23]
on the other hand, showed by using computability arguments that termination was
satisfied by the combination. Indeed, when rewriting operates at basic types and is
generated by first-order rewrite rules, beta-reduction and rewriting do not interfere. Their
result, proved for a polymorphic λ-calculus, was later generalized to the calculus of
constructions [1]. The situation becomes radically different with higher-order rewriting
generated by rules operating on arrow-types, or involving lambda-bindings or higher-order
variables. Such an example is provided by Gödel's system T, in which higher-order
primitive recursion for natural numbers generated by Peano's constructors 0 and
s is described by the following two higher-order rules:

$rec(0, U, V) \to U$
$rec(s(X), U, V) \to @(V, X, rec(X, U, V))$

where rec is a function symbol of type $N \to T \to (N \to T \to T) \to T$, U is a
higher-order variable of type T and V a higher-order variable of type $N \to T \to T$, for
every type T. Jouannaud and Okada invented the so-called general schema [17], a powerful
generalization of Gödel's higher-order primitive recursion of higher types. Following the path
initiated by Breazu-Tannen and Gallier on the one hand, and Okada on the other hand,
termination of calculi based on the general schema was proved by using computability
arguments as well [2, 17, 18]. The general schema was then reformulated by Blanqui,
Jouannaud and Okada [3, 4] in order to incorporate computability arguments directly in
its definition, opening the way to new generalizations. Gödel's system T can be
generalized in two ways, by introducing type constructors and dependent types, yielding
the Calculus of Constructions, and by introducing strictly positive inductive types. Both
together yield the Calculus of Inductive Constructions [24], the theory underlying the
Coq system [14], in which rewrite rules like strong elimination operate on types, raising
new difficulties. Blanqui gave a generalization of the general schema which includes the
Calculus of Inductive Constructions as a particular case under the name of Calculus of
Algebraic Constructions [6, 7].

The general schema, however, is too simple to analyze complex calculi defined by 
higher-order rewrite rules such as encodings of logics. For that purpose, Jouannaud 
and Rubio generalized the recursive path ordering to the higher-order case, yielding 
the higher-order recursive path ordering (HORPO) [19]. The RPO well-foundedness 
proof follows from Kruskal's tree theorem, but no such theorem exists in presence of 
a binding construct, and it is not at all clear that such a theorem may exist. What is 
remarkable is that computability arguments fit with RPO's recursive structure. When 
applied to RPO, these arguments result in a new, simple, well-foundedness proof of 
RPO. One could even argue that this is the first well-foundedness proof of RPO, since 
Dershowitz showed more: well-orderedness. 

Combining the general schema and the HORPO is indeed easy because their termination
properties are both based on computability arguments. The resulting relation,
HORPO with closure, combines an ordering relation with a membership predicate. In
this paper, we reformulate and improve a recent idea of Blanqui [9] by defining a new
version of the HORPO with closure which integrates smoothly the idea of the general
schema into HORPO in the form of a new ordering definition.

So far, we have considered the kind of higher-order rewriting defined by using first-order
pattern matching as in the calculus of constructions. These orderings need to
contain β- and η-reductions. Showing termination of higher-order rewrite rules based on
higher-order pattern matching, that is, rewriting modulo β and η now used as equalities,
turns out to require simple modifications of HORPO [20]. We will therefore concentrate
here on higher-order orderings containing β- and η-reductions.

We introduce higher-order algebras in Section 2. In Section 3, we recall the
computability argument for this variation of the simply typed lambda calculus. Using a
computability argument again, we show in Section 4 that RPO is well-founded. We
introduce the general schema in Section 5, and the HORPO in Section 6 before
combining both in Section 7. We end with related work and open problems in the last two
sections.

2 Higher-Order Algebras

The notion of a higher-order algebra given here is the monomorphic version of the 
notion of polymorphic higher-order algebra defined in [21]. Polymorphism has been 
ruled out for simplicity. 

2.1 Types, Signatures and Terms 

Given a set $S$ of sort symbols of a fixed arity, denoted by $s : *^n \Rightarrow *$, the set
$\mathcal{T}_S$ of types is generated from these sets by the arrow constructor:

$\mathcal{T}_S := s(\mathcal{T}_S^n) \mid (\mathcal{T}_S \to \mathcal{T}_S)$
for $s : *^n \Rightarrow * \in S$

Types headed by $\to$ are arrow types while the others are basic types. Type declarations
are expressions of the form $\sigma_1 \times \dots \times \sigma_n \to \sigma$, where $n$ is the
arity of the type declaration, and $\sigma_1, \dots, \sigma_n, \sigma$ are types. A type
declaration is first-order if it uses only sorts, otherwise higher-order.

We assume given a set of function symbols which are meant to be algebraic operators.
Each function symbol $f$ is equipped with a type declaration
$f : \sigma_1 \times \dots \times \sigma_n \to \sigma$. We use $\mathcal{F}_n$ for the set of
function symbols of arity $n$. $\mathcal{F}$ is a first-order signature if all
its type declarations are first-order, and a higher-order signature otherwise.

The set of raw terms is generated from the signature $\mathcal{F}$ and a denumerable set
$\mathcal{X}$ of variables according to the grammar:

$\mathcal{T} := \mathcal{X} \mid (\lambda \mathcal{X}.\mathcal{T}) \mid @(\mathcal{T}, \mathcal{T}) \mid \mathcal{F}(\mathcal{T}, \dots, \mathcal{T})$.

Terms generated by the first two grammar rules are called algebraic. Terms of the form
$\lambda x.u$ are called abstractions while terms of the form $@(u, v)$ are called applications.
The term $@(u, \overline{v})$ is called a (partial) left-flattening of
$@(\dots @(@(u, v_1), v_2), \dots, v_n)$, with $u$ being possibly an application itself.
Terms other than abstractions are said to be neutral. We denote by $Var(t)$ ($BVar(t)$)
the set of free (bound) variables of $t$. We may assume for convenience (and without
further notice) that bound variables in a term are all different, and are different from
the free ones.

Terms are identified with finite labeled trees by considering $\lambda x.$, for each variable $x$,
as a unary function symbol. Positions are strings of positive integers, the empty string
$\Lambda$ denoting the root position. The subterm of $t$ at position $p$ is denoted by $t|_p$, and by
$t[u]_p$ the result of replacing $t|_p$ at position $p$ in $t$ by $u$. We write $s \rhd u$ if $u$ is a strict
subterm of $s$. We use $t[\,]_p$ for a term with a hole, called a context. The notation $\overline{s}$ will
be ambiguously used to denote a list, a multiset, or a set of terms $s_1, \dots, s_n$.

2.2 Typing Rules 

Typing rules restrict the set of terms by constraining them to follow a precise discipline.
Environments are sets of pairs written $x : \sigma$, where $x$ is a variable and $\sigma$ is a type. Let
$Dom(\Gamma) = \{x \mid x : \sigma \in \Gamma \text{ for some type } \sigma\}$. We assume there is a unique pair of
the form $x : \sigma$ for every variable $x \in Dom(\Gamma)$. Our typing judgments are written as
$\Gamma \vdash M : \sigma$ if the term $M$ can be proved to have the type $\sigma$ in the environment $\Gamma$. A
term $M$ has type $\sigma$ in the environment $\Gamma$ if $\Gamma \vdash M : \sigma$ is provable in the inference
system of Figure 1. A term $M$ is typable in the environment $\Gamma$ if there exists a type
$\sigma$ such that $M$ has type $\sigma$ in the environment $\Gamma$. A term $M$ is typable if it is typable
in some environment $\Gamma$. Note that function symbols are uncurried, hence must come
along with all their arguments.



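Variables:

$$\frac{x : \sigma \in \Gamma}{\Gamma \vdash x : \sigma}$$

Functions:

$$\frac{f : \sigma_1 \times \dots \times \sigma_n \to \sigma \qquad \Gamma \vdash t_1 : \sigma_1 \ \dots\ \Gamma \vdash t_n : \sigma_n}{\Gamma \vdash f(t_1, \dots, t_n) : \sigma}$$

Abstraction:

$$\frac{\Gamma \cup \{x : \sigma\} \vdash t : \tau}{\Gamma \vdash (\lambda x : \sigma.t) : \sigma \to \tau}$$

Application:

$$\frac{\Gamma \cup \{x : \sigma\} \vdash s : \sigma \to \tau \qquad \Gamma \vdash t : \sigma}{\Gamma \vdash @(s, t) : \tau}$$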



Fig. 1. Typing judgments in higher-order algebras 



2.3 Higher-Order Rewrite Rules 

Substitutions are written as in
$\{x_1 : \sigma_1 \mapsto (\Gamma_1, t_1), \dots, x_n : \sigma_n \mapsto (\Gamma_n, t_n)\}$ where,
for every $i \in [1..n]$, $t_i$ is assumed different from $x_i$ and $\Gamma_i \vdash t_i : \sigma_i$. We also assume
that $\bigcup_i \Gamma_i$ is an environment. We often write $x \mapsto t$ instead of $x : \sigma \mapsto (\Gamma, t)$, in
particular when $t$ is ground. We use the letter $\gamma$ for substitutions and postfix notation
for their application. Substitutions behave as endomorphisms defined on free variables.



A (possibly higher-order) term rewriting system is a set of rewrite rules
$R = \{\Gamma_i \vdash l_i \to r_i : \sigma_i\}_i$, where $l_i$ and $r_i$ are higher-order terms such that
$l_i$ and $r_i$ have the same type $\sigma_i$ in the environment $\Gamma_i$. Given a term rewriting
system $R$, a term $s$ rewrites to a term $t$ at position $p$ with the rule $l \to r$ and the
substitution $\gamma$, written $s \xrightarrow[l \to r]{p} t$, or simply $s \to_R t$, if
$s|_p = l\gamma$ and $t = s[r\gamma]_p$.

A term $s$ such that $s \xrightarrow[R]{p} t$ is called R-reducible. The subterm $s|_p$ is a redex in $s$, and
$t$ is the reduct of $s$. Irreducible terms are said to be in R-normal form. A substitution $\gamma$
is in R-normal form if $x\gamma$ is in R-normal form for all $x$. We denote by $\to_R^*$ the reflexive,
transitive closure of the rewrite relation $\to_R$.

Given a rewrite relation $\to$, a term $s$ is strongly normalizing if there is no infinite
sequence of rewrites issuing from $s$. The rewrite relation itself is strongly normalizing,
or terminating, if all terms are strongly normalizing, in which case it is called a
reduction.

Three particular higher-order equation schemas originate from the λ-calculus, α-,
β- and η-equality:

$\lambda x.v =_\alpha \lambda y.v\{x \mapsto y\}$ if $y \notin BVar(v) \cup (Var(v) \setminus \{x\})$
$@(\lambda x.v, u) \longrightarrow_\beta v\{x \mapsto u\}$
$\lambda x.@(u, x) \longrightarrow_\eta u$ if $x \notin Var(u)$

As usual, we do not distinguish α-convertible terms. β- and η-equalities are used as
reductions, which is indicated by the long-arrow symbol instead of the equality symbol.
The above rule-schemas define a rewrite system which is known to be terminating, a
result proved in Section 3.

2.4 Higher-Order Reduction Orderings 

We will make intensive use of well-founded orderings, using the vocabulary of rewrite
systems for orderings, for proving strong normalization properties. For our purpose, an
ordering, usually denoted by $\geq$, is a reflexive, symmetric, transitive relation compatible
with α-conversion, that is, $s =_\alpha t \geq u =_\alpha v$ implies $s \geq v$, whose strict part $>$ is itself
compatible. We will essentially use strict orderings, and hence, the word ordering for
them too. We will also make use of order-preserving operations on relations, namely
multiset and lexicographic extensions, see [15].

Rewrite orderings are monotonic and stable orderings, reduction orderings are in
addition well-founded, while higher-order reduction orderings must also contain β-
and η-reductions. Monotonicity of $>$ is defined as $u > v$ implies $s[u]_p > s[v]_p$ for all
contexts $s[\,]_p$. Stability of $>$ is defined as $u > v$ implies $u\gamma > v\gamma$ for all substitutions
$\gamma$. Higher-order reduction orderings are used to prove termination of rewrite systems
including β- and η-reductions by simply comparing the left hand and right hand sides
of the remaining rules.

3 Computability 

Simple-minded arguments do not work for showing the strong normalization property
of the simply typed lambda-calculus, for β-reduction increases the size of terms, which
precludes an induction on their size, and preserves their types, which seems to preclude
an induction on types.

Tait's idea is to generalize the strong normalization property in order to enable an
induction on types. To each type $\sigma$, we associate a subset $[\![\sigma]\!]$ of the set of terms, called
the computability predicate of type $\sigma$, or set of computable terms of type $\sigma$. Whether
$[\![\sigma]\!]$ contains only typable terms of type $\sigma$ is not really important, although it can help
intuition. What is essential are the properties that the family of predicates should satisfy:

(i) computable terms are strongly normalizing;

(ii) reducts of computable terms are computable;

(iii) a neutral term $u$ is computable iff all its reducts are computable;

(iv) $u : \sigma \to \tau$ is computable iff so is $@(u, v)$ for all computable $v$.

A (non-trivial) consequence of all these properties can be added to smooth the proof
of the coming Main Lemma:

(v) $\lambda x.u$ is computable iff so is $u\{x \mapsto v\}$ for all computable $v$.

Apart from (v), the above properties refer to β-reduction via the notions of reduct
and strong normalization only. Indeed, various computability predicates found in the
literature use the same definition parametrized by the considered reduction relation.

There are several ways to define a computability predicate by taking as its definition
some of the properties that it should satisfy. For example, a simple definition by
induction on types is this:

$s : \sigma \in [\![\sigma]\!]$ for $\sigma$ basic iff $s$ is strongly normalizing;

$s : \theta \to \tau \in [\![\theta \to \tau]\!]$ iff $@(s, u) : \tau \in [\![\tau]\!]$ for every $u : \theta \in [\![\theta]\!]$.

An alternative for the case of basic type is:

$s : \sigma \in [\![\sigma]\!]$ iff $\forall t : \tau.\ s \longrightarrow^{*} t$ then $t \in [\![\tau]\!]$.

This formulation defines the predicate as a fixpoint of a monotonic functional. Once
the predicate is defined, it becomes necessary to show the computability properties.
This uses an induction on types in the first case or an induction on the definition of the
predicate in the fixpoint case.

Tait's strong normalization proof is based on the following key lemma: 

Lemma 1 (Main Lemma). Let $s$ be an arbitrary term and $\gamma$ be an arbitrary computable
substitution. Then $s\gamma$ is computable.

Proof. By induction on the structure of terms.

1. $s$ is a variable: $s\gamma$ is computable by assumption on $\gamma$.

2. $s = @(u, v)$. Since $u\gamma$ and $v\gamma$ are computable by induction hypothesis,
$s\gamma = @(u\gamma, v\gamma)$ is computable by computability property (iv).

3. $s = \lambda x.u$. By computability property (v), $s\gamma = \lambda x.u\gamma$ is computable iff
$u\gamma\{x \mapsto v\}$ is computable for an arbitrary computable $v$. Let now $\gamma' = \gamma \cup \{x \mapsto v\}$. By
definition of substitutions for abstractions, $u\gamma\{x \mapsto v\} = u\gamma'$, which is usually
ensured by α-conversion. By assumptions on $\gamma$ and $v$, $\gamma'$ is computable, and $u\gamma'$ is
therefore computable by the main induction hypothesis. □

Since an arbitrary term $s$ can be seen as its own instance by the identity substitution,
which is computable by computability property (iii), all terms are computable by the
Main Lemma, hence strongly normalizing by computability property (i).



4 The Recursive Path Ordering and Computability 



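In this section, we restrict ourselves to first-order algebraic terms. Assuming that the set
of function symbols is equipped with an ordering relation $\geq_{\mathcal{F}}$, called precedence, and a
status function $stat$, writing $stat_f$ for $stat(f)$, we recall the definition of the recursive
path ordering:

Definition 1. $s \succ_{rpo} t$ iff

1. $s = f(\overline{s})$ with $f \in \mathcal{F}$, and $u \succeq_{rpo} t$ for some $u \in \overline{s}$

2. $s = f(\overline{s})$ with $f \in \mathcal{F}$, and $t = g(\overline{t})$ with $f >_{\mathcal{F}} g$, and $A$

3. $s = f(\overline{s})$ and $t = g(\overline{t})$ with $f =_{\mathcal{F}} g \in Mul$, and $\overline{s} (\succ_{rpo})_{mul} \overline{t}$

4. $s = f(\overline{s})$ and $t = g(\overline{t})$ with $f =_{\mathcal{F}} g \in Lex$, and $\overline{s} (\succ_{rpo})_{lex} \overline{t}$ and $A$

where $A = \forall v \in \overline{t}.\ s \succ_{rpo} v$ and $s \succeq_{rpo} t$ iff $s \succ_{rpo} t$ or $s = t$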

We now show the well-foundedness of $\succ_{rpo}$ by using Tait's method. Computability
is defined here as strong normalization, implying computability property (i). We prove
the computability property:

(vii) Let $f \in \mathcal{F}_n$ and $\overline{s}$ be computable terms. Then $f(\overline{s})$ is computable.

Proof. The restriction of $\succ_{rpo}$ to terms smaller than or equal to the terms in $\overline{s}$ w.r.t. $\succ_{rpo}$
is a well-founded ordering which we use for building an outer induction on the pairs
$(f, \overline{s})$ ordered by $(>_{\mathcal{F}}, (\succ_{rpo})_{stat_f})_{lex}$. This ordering is well-founded, since it is built
from well-founded orderings by using mappings that preserve well-founded orderings.

We now show that $f(\overline{s})$ is computable by proving that $t$ is computable for all $t$ such
that $f(\overline{s}) \succ_{rpo} t$. This property is itself proved by an (inner) induction on $|t|$, and by
case analysis upon the proof that $f(\overline{s}) \succ_{rpo} t$.

1. subterm case: $\exists u \in \overline{s}$ such that $u \succeq_{rpo} t$. By assumption, $u$ is computable, hence
so is its reduct $t$.

2. precedence case: $t = g(\overline{t})$, $f >_{\mathcal{F}} g$, and $\forall v \in \overline{t}$, $s \succ_{rpo} v$. By inner induction, $v$ is
computable, hence so is $\overline{t}$. By outer induction, $g(\overline{t}) = t$ is computable.

3. multiset case: $t = f(\overline{t})$ with $f \in Mul$, and $\overline{s} (\succ_{rpo})_{mul} \overline{t}$. By definition of the
multiset extension, $\forall v \in \overline{t}$, $\exists u \in \overline{s}$ such that $u \succeq_{rpo} v$. Since $\overline{s}$ is a vector of
computable terms by assumption, so is $\overline{t}$. We conclude by outer induction that $f(\overline{t}) = t$
is computable.

4. lexicographic case: $t = f(\overline{t})$ with $f \in Lex$, $\overline{s} (\succ_{rpo})_{lex} \overline{t}$, and $\forall v \in \overline{t}$, $s \succ_{rpo} v$. By
inner induction, $\overline{t}$ is strongly normalizing, and by outer induction, so is $f(\overline{t}) = t$.

□

The well-foundedness of $\succ_{rpo}$ follows from computability property (vii).
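
The four cases of Definition 1 translate directly into a decision procedure. The following Python implementation is an added example, not code from the paper or from the authors' tools; the term encoding (variables as strings, applications as tuples), the integer precedence ranks, the symbol `ap` standing for an untyped first-order reading of `@` in System T's rules, and the Ackermann rules are all assumptions chosen for illustration.

```python
from collections import Counter

# Encoding (assumed here): a variable is a str; f(s1, ..., sn) is the tuple
# (f, s1, ..., sn); a constant such as 0 is the 1-tuple ("0",).
def is_var(t):
    return isinstance(t, str)

class RPO:
    def __init__(self, prec, status):
        self.prec = prec      # symbol -> rank; higher rank is greater, equal rank is =_F
        self.status = status  # symbol -> "mul" or "lex"

    def ge(self, s, t):
        # s >=_rpo t  iff  s >_rpo t or s = t
        return s == t or self.gt(s, t)

    def gt(self, s, t):
        """Decide s >_rpo t following Definition 1."""
        if is_var(s):
            return False                       # every case needs s = f(...)
        f, ss = s[0], s[1:]
        if any(self.ge(u, t) for u in ss):     # Case 1: some argument u >=_rpo t
            return True
        if is_var(t):
            return False                       # only Case 1 can reach a variable
        g, ts = t[0], t[1:]

        def prop_a():                          # A: s >_rpo v for every v in t-bar
            return all(self.gt(s, v) for v in ts)

        if self.prec[f] > self.prec[g]:        # Case 2: f >_F g, and A
            return prop_a()
        if self.prec[f] == self.prec[g] and self.status[f] == self.status[g]:
            if self.status[f] == "mul":        # Case 3: multiset extension
                return self.mul_gt(ss, ts)
            return self.lex_gt(ss, ts) and prop_a()   # Case 4: lex extension and A
        return False

    def mul_gt(self, ss, ts):
        # Drop common elements; every remaining right element must be
        # dominated by some remaining left element, and the left must be non-empty.
        ms, mt = Counter(ss), Counter(ts)
        xs = list((ms - mt).elements())
        ys = list((mt - ms).elements())
        return bool(xs) and all(any(self.gt(x, y) for x in xs) for y in ys)

    def lex_gt(self, ss, ts):
        # The first position where the argument lists differ decides.
        for a, b in zip(ss, ts):
            if a != b:
                return self.gt(a, b)
        return len(ss) > len(ts)

def oriented(rpo, rules):
    """For each rule l -> r, report whether l >_rpo r."""
    return [rpo.gt(l, r) for l, r in rules]

ZERO = ("0",)

# Constructed input 1: System T's two rules read as first-order rules, with
# "@" replaced by an ordinary symbol "ap" (types and binders are ignored).
SYSTEM_T_RULES = [
    (("rec", ZERO, "U", "V"), "U"),
    (("rec", ("s", "X"), "U", "V"),
     ("ap", "V", "X", ("rec", "X", "U", "V"))),
]
SYSTEM_T_RPO = RPO({"rec": 3, "ap": 2, "s": 1, "0": 0},
                   {"rec": "mul", "ap": "mul", "s": "mul", "0": "mul"})

# Constructed input 2: Ackermann's function, which needs a lexicographic status.
ACK_RULES = [
    (("ack", ZERO, "y"), ("s", "y")),
    (("ack", ("s", "x"), ZERO), ("ack", "x", ("s", ZERO))),
    (("ack", ("s", "x"), ("s", "y")),
     ("ack", "x", ("ack", ("s", "x"), "y"))),
]

def make_ack_rpo(ack_status):
    return RPO({"ack": 2, "s": 1, "0": 0},
               {"ack": ack_status, "s": "mul", "0": "mul"})

if __name__ == "__main__":
    print("System T (first-order reading):", oriented(SYSTEM_T_RPO, SYSTEM_T_RULES))
    print("Ackermann, lex status:", oriented(make_ack_rpo("lex"), ACK_RULES))
    print("Ackermann, mul status:", oriented(make_ack_rpo("mul"), ACK_RULES))
```

A rule set is shown terminating when every entry is true; the Ackermann rules show that the choice of status, not only the precedence, decides whether a proof is found.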



5 The General Schema and Computability 



As in the previous section, we assume that the set of function symbols is equipped with
a precedence relation $\geq_{\mathcal{F}}$ and a status function $stat$.

Definition 2. The computability closure $CC(t = f(\overline{t}))$, with $f \in \mathcal{F}$, is the set $CC(t, \emptyset)$,
s.t. $CC(t, \mathcal{V})$, with $\mathcal{V} \cap Var(t) = \emptyset$, is the smallest set of typable terms containing all
variables in $\mathcal{V}$ and terms in $\overline{t}$, closed under:

1. subterm of basic type: let $s \in CC(t, \mathcal{V})$, and $u$ be a subterm of $s$ of basic type $\sigma$
such that $Var(u) \subseteq Var(t)$; then $u \in CC(t, \mathcal{V})$;

2. precedence: let $f >_{\mathcal{F}} g$, and $\overline{s} \in CC(t, \mathcal{V})$; then $g(\overline{s}) \in CC(t, \mathcal{V})$;

3. recursive call: let $f(\overline{s})$ be a term such that terms in $\overline{s}$ belong to $CC(t, \mathcal{V})$ and
$\overline{t} (\longrightarrow_\beta \cup \rhd)_{stat_f} \overline{s}$; then $g(\overline{s}) \in CC(t, \mathcal{V})$ for every $g =_{\mathcal{F}} f$;

4. application: let $s : \sigma_1 \to \dots \to \sigma_n \to \sigma \in CC(t, \mathcal{V})$ and $u_i : \sigma_i \in CC(t, \mathcal{V})$ for
every $i \in [1..n]$; then $@(s, u_1, \dots, u_n) \in CC(t, \mathcal{V})$;

5. abstraction: let $s \in CC(t, \mathcal{V} \cup \{x\})$ for some $x \notin Var(t) \cup \mathcal{V}$; then $\lambda x.s \in CC(t, \mathcal{V})$;

6. reduction: let $u \in CC(t, \mathcal{V})$, and $u \longrightarrow_{\beta \cup \rhd} v$; then $v \in CC(t, \mathcal{V})$.

We say that a rewrite system $R$ satisfies the general schema iff

$r \in CC(f(\overline{l}))$ for all $f(\overline{l}) \to r \in R$

We now consider computability with respect to the rewrite relation $\longrightarrow_R \cup \longrightarrow_\beta$,
and add the computability property (vii) whose proof can be easily adapted from the
previous one. We can then add a new case in Tait's Main Lemma, for terms headed by
an algebraic function symbol. As a consequence, the relation $\longrightarrow_\beta \cup \longrightarrow_R$ is strongly
normalizing.

Example 1 (System T). We show the strong normalization of Gödel's system T by
showing that its rules satisfy the general schema. This is clear for the first rule by the
base Case of the definition. For the second rule, we have: $V \in CC(rec(s(X), U, V))$ by
base Case; $s(X) \in CC(rec(s(X), U, V))$ by base Case again, and $X \in CC(rec(s(X), U, V))$
by Case 2, assuming $rec >_{\mathcal{F}} s$; $U \in CC(rec(s(X), U, V))$ by base Case, hence all
arguments of the recursive call are in $CC(rec(s(X), U, V))$. Since $s(X) \rhd X$ holds, we
have $rec(X, U, V) \in CC(rec(s(X), U, V))$. Therefore, we conclude with
$@(V, X, rec(X, U, V)) \in CC(rec(s(X), U, V))$ by Case 4.



6 The Higher-Order Recursive Path Ordering

6.1 The Ingredients 

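- A quasi-ordering on types $\geq_{\mathcal{T}_S}$ called the type ordering satisfying the following
properties:

1. Well-foundedness: $>_{\mathcal{T}_S}$ is well-founded;

2. Arrow preservation: $\tau \to \sigma =_{\mathcal{T}_S} \alpha$ iff $\alpha = \tau' \to \sigma'$, $\tau' =_{\mathcal{T}_S} \tau$ and $\sigma =_{\mathcal{T}_S} \sigma'$;

3. Arrow decreasingness: $\tau \to \sigma >_{\mathcal{T}_S} \alpha$ implies $\sigma \geq_{\mathcal{T}_S} \alpha$ or $\alpha = \tau' \to \sigma'$,
$\tau' =_{\mathcal{T}_S} \tau$ and $\sigma >_{\mathcal{T}_S} \sigma'$;

4. Arrow monotonicity: $\tau \geq_{\mathcal{T}_S} \sigma$ implies $\alpha \to \tau \geq_{\mathcal{T}_S} \alpha \to \sigma$ and
$\tau \to \alpha \geq_{\mathcal{T}_S} \sigma \to \alpha$;

A convenient type ordering is obtained by restricting the subterm property for the
arrow in the RPO definition.

- A quasi-ordering $\geq_{\mathcal{F}}$ on $\mathcal{F}$, called the precedence, such that $>_{\mathcal{F}}$ is well-founded.

- A status $stat_f \in \{Mul, Lex\}$ for every symbol $f \in \mathcal{F}$.

The higher-order recursive path ordering (HORPO) operates on typing judgments.
To ease the reading, we will however forget the environment and type unless necessary.
Let

$A = \forall v \in \overline{t}:\ s \succ_{horpo} v$ or $u \succeq_{horpo} v$ for some $u \in \overline{s}$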

horpo horpo 

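Definition 3. Given two judgments $\Gamma \vdash_{\mathcal{F}} s : \sigma$ and $\Sigma \vdash_{\mathcal{F}} t : \tau$,

$s \succ_{horpo} t$ iff $\sigma \geq_{\mathcal{T}_S} \tau$ and

1. $s = f(\overline{s})$ with $f \in \mathcal{F}$, and $u \succeq_{horpo} t$ for some $u \in \overline{s}$

2. $s = f(\overline{s})$ with $f \in \mathcal{F}$, and $t = g(\overline{t})$ with $f >_{\mathcal{F}} g$, and $A$

3. $s = f(\overline{s})$ and $t = g(\overline{t})$ with $f =_{\mathcal{F}} g \in Mul$, and $\overline{s} (\succ_{horpo})_{mul} \overline{t}$

4. $s = f(\overline{s})$ and $t = g(\overline{t})$ with $f =_{\mathcal{F}} g \in Lex$, and $\overline{s} (\succ_{horpo})_{lex} \overline{t}$ and $A$

5. $s = @(s_1, s_2)$, and $s_1 \succeq_{horpo} t$ or $s_2 \succeq_{horpo} t$

6. $s = \lambda x : \alpha.u$ with $x \notin Var(t)$, and $u \succeq_{horpo} t$

7. $s = f(\overline{s})$ with $f \in \mathcal{F}$, $t = @(\overline{t})$ is a partial left-flattening of $t$, and $A$

8. $s = f(\overline{s})$ with $f \in \mathcal{F}$, $t = \lambda x : \alpha.v$ with $x \notin Var(v)$ and $s \succ_{horpo} v$

9. $s = @(s_1, s_2)$, $t = @(\overline{t})$, and $\{s_1, s_2\} (\succ_{horpo})_{mul} \overline{t}$

10. $s = \lambda x : \alpha.u$, $t = \lambda x : \beta.v$, $\alpha =_{\mathcal{T}_S} \beta$, and $u \succ_{horpo} v$

11. $s = @(\lambda x : \alpha.u, v)$ and $u\{x \mapsto v\} \succeq_{horpo} t$

12. $s = \lambda x : \alpha.@(u, x)$, $x \notin Var(u)$ and $u \succeq_{horpo} t$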

Example 2 (System T). The new proof of strong normalization of System T is even
simpler. For the first rule, we apply Case 1. For the second, we apply Case 7, and show
recursively that $rec(s(X), U, V) \succ_{horpo} V$ by Case 1, $rec(s(X), U, V) \succ_{horpo} X$ by
Case 1 applied twice, and $rec(s(X), U, V) \succ_{horpo} rec(X, U, V)$ by Case 3, assuming a
multiset status for rec, which follows from the comparison $s(X) \succ_{horpo} X$ by Case 1.

The strong normalization proof of HORPO is in the same style as the previous
strong normalization proofs, although technically more complex [21]. This proof shows
that HORPO and the general schema can be combined by replacing the membership
$u \in \overline{s}$ used in case 1 by the more general membership $u \in CC(f(\overline{s}))$. It follows that the
HORPO mechanism is inherently more expressive than the closure mechanism.

Because of Cases 11 and 12, HORPO is not transitive. Indeed, there are examples
for which the proof of $s \succ_{horpo} t$ requires guessing a middle term $u$ such that $s \succ_{horpo} u$
and $u \succ_{horpo} t$. Guessing a middle term when necessary is automated in the
implementations of HORPO and HORPO with closure available from the web page of the first
two authors.



7 Unifying HORPO and the Computability Closure 



A major advantage of HORPO over the general schema is its recursive structure. In 
contrast, the membership to the computability closure is undecidable due to its Case 3, 
but does not involve any type comparison. To combine the advantages of both, we now 
incorporate the closure construction into the HORPO as an ordering. Besides, we also 
incorporate the property that arguments of a type constructor are computable when the 
positivity condition is satisfied as it is the case for inductive types in the Calculus of 
Inductive Constructions [7, 24]. 



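$s : \sigma \succ_{horpo} t : \tau$ iff $Var(t) \subseteq Var(s)$ and

1. $s = f(\overline{s})$ and $s \succ_{comp} t$

2. $s = f(\overline{s})$ and $\sigma \geq_{\mathcal{T}_S} \tau$ and

(a) $t = g(\overline{t})$, $f >_{\mathcal{F}} g$ and $A$

(b) $t = g(\overline{t})$, $f =_{\mathcal{F}} g$, $\overline{s} (\succ_{horpo})_{stat_f} \overline{t}$ and $A$

(c) $t = @(t_1, t_2)$ and $A$

3. $s = @(s_1, s_2)$, $\sigma \geq_{\mathcal{T}_S} \tau$ and

(a) $t = @(t_1, t_2)$ and $\{s_1, s_2\} (\succ_{horpo})_{mul} \{t_1, t_2\}$

(b) $s_1 \succeq_{horpo} t$ or $s_2 \succeq_{horpo} t$

(c) $s_1 = \lambda x.u$ and $u\{x \mapsto s_2\} \succeq_{horpo} t$

4. $s = \lambda x : \alpha.u$, $\sigma \geq_{\mathcal{T}_S} \tau$ and

(a) $t = \lambda x : \beta.v$, $\alpha =_{\mathcal{T}_S} \beta$ and $u \succ_{horpo} v$

(b) $x \notin Var(t)$ and $u \succeq_{horpo} t$

(c) $u = @(v, x)$, $x \notin Var(v)$ and $v \succeq_{horpo} t$

where $A = \forall v \in \overline{t} :\ s \succ_{horpo} v$ or $\exists u \in \overline{s} :\ u \succeq_{horpo} v$

$s = f(\overline{s}) \succ^{X}_{comp} t$ iff

1. $t \in X$

2. $\exists s_i \in Acc(s) :\ s_i \succeq^{X}_{comp} t$

3. $t = g(\overline{t})$, $f >_{\mathcal{F}} g$ and $\forall v \in \overline{t} :\ s \succ^{X}_{comp} v$

4. $t = g(\overline{t})$, $f =_{\mathcal{F}} g$, $\forall v \in \overline{t} :\ s \succ^{X}_{comp} v$ and $Acc(s) (\succ_{horpo})_{stat_f} \lambda X.\overline{t}$

5. $t = @(u, v)$, $s \succ^{X}_{comp} u$ and $s \succ^{X}_{comp} v$

6. $t = \lambda x : \alpha.u$ and $s \succ^{X \cdot \{x : \alpha\}}_{comp} u$

where $s_i \in Acc(f(\overline{s}))$ ($s_i$ is accessible in $s$) iff

1. $s$ is the left hand side of an ancestor goal $s \succ_{horpo} u$

2. $s$ is the left hand side of the current goal $s \succ_{comp} u$, and, either $f : \overline{\sigma} \to \sigma$ and
$\sigma$ occurs only positively in $\sigma_i$.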



Example 3. We consider now the type of Brouwer's ordinals defined from the type N
by the equation $Ord = 0 \uplus s(Ord) \uplus lim(N \to Ord)$. Note that Ord occurs positively
in the type $N \to Ord$, and that N must be smaller or equal to Ord. The recursor for the
type Ord is defined as:

$rec(0, U, V, W) \to U$
$rec(s(X), U, V, W) \to @(V, X, rec(X, U, V, W))$
$rec(lim(F), U, V, W) \to @(W, F, \lambda n.rec(@(F, n), U, V, W))$

We skip the first two rules and concentrate on the third:

1. $rec(lim(F), U, V, W) \succ_{horpo} @(W, F, \lambda n.rec(@(F, n), U, V, W))$
which, by Case 1 of $\succ_{horpo}$ is replaced by the new goal:

2. $rec(lim(F), U, V, W) \succ^{\emptyset}_{comp} @(W, F, \lambda n.rec(@(F, n), U, V, W))$
By Case 5 of $\succ_{comp}$, these three goals become:

3. $rec(lim(F), U, V, W) \succ^{\emptyset}_{comp} W$

4. $rec(lim(F), U, V, W) \succ^{\emptyset}_{comp} F$

5. $rec(lim(F), U, V, W) \succ^{\emptyset}_{comp} \lambda n.rec(@(F, n), U, V, W)$
Since $rec(lim(F), U, V, W)$ originates from Goal 1,
Goal 3 disappears by Case 2, while Goal 4 becomes:

6. $lim(F) \succ^{\emptyset}_{comp} F$
which disappears by the same Case since F is accessible in lim(F),
thanks to the positivity condition. By Case 6, Goal 5 becomes:

7. $rec(lim(F), U, V, W) \succ^{\{n\}}_{comp} rec(@(F, n), U, V, W)$
Case 4 applies with a lexicographic status for rec, yielding 5 goals:

8. $rec(lim(F), U, V, W) \succ^{\{n\}}_{comp} @(F, n)$

9. $rec(lim(F), U, V, W) \succ^{\{n\}}_{comp} U$

10. $rec(lim(F), U, V, W) \succ^{\{n\}}_{comp} V$

11. $rec(lim(F), U, V, W) \succ^{\{n\}}_{comp} W$

12. $\{lim(F), U, V, W\} (\succ_{horpo})_{lex} \{\lambda n.@(F, n), \lambda n.U, \lambda n.V, \lambda n.W\}$
Goals 9, 10, 11 disappear by Case 2, while, by Case 5,
Goal 8 generates (a variation of) the solved Goal 4 and the new sub-goal:

13. $rec(lim(F), U, V, W) \succ^{\{n\}}_{comp} n$
which disappears by Case 1. We are left with Goal 12, which reduces to:

14. $lim(F) \succ_{horpo} \lambda n.@(F, n)$
which, by Case 1 of $\succ_{horpo}$, then 6 and 5 of $\succ_{comp}$ yields successively:

15. $lim(F) \succ^{\emptyset}_{comp} \lambda n.@(F, n)$

16. $lim(F) \succ^{\{n\}}_{comp} @(F, n)$
which, by Case 5, generates (a variation of) the Goal 6 and the last goal:

17. $lim(F) \succ^{\{n\}}_{comp} n$
which succeeds by Case 1, ending the computation.

To show the strong normalization property of this new definition of $\succ_{horpo}$, we need
a more sophisticated predicate combining the predicates used for showing the strong
normalization of HORPO [21] and CAC [6]. We have not done any proof yet, but we
believe that it is well-founded.

It is worth noting that the ordering $\succ_{horpo}$ defined here is in one way less powerful
than the one defined in Section 6 using the closure definition of Section 5 because it
does not accumulate computable terms for later use anymore. Instead, it deconstructs
its left hand side as usual with rpo, and remembers very few computable terms: the
accessible ones only. On the other hand, it is more powerful since the recursive case 4
of the closure uses now the full power of $\succ_{horpo}$ for its last comparison instead of
simply β-reduction (see [21]). Besides, there is no more type comparison in Case 1 of
the definition of $\succ_{horpo}$, a key improvement which remains to be justified formally.

8 Related Work 

Termination of higher-order calculi has recently attracted quite a lot of attention. The 
area is building up, and mostly, although not entirely, based on reducibility techniques. 

The case of conditional rewriting has been recently investigated by Blanqui [8]. His 
results are presented in this conference. 

Giesl's dependency pairs method has been generalized to higher-order calculi by 
using reducibility techniques as described here [10,25]. The potential of this line of 
work is probably important, but more work in this direction is needed to support this 
claim. 

Giesl [22] has achieved impressive progress for the case of combinator based calculi,
such as Haskell programs, by transforming all definitions into a first-order framework,
and then proving termination by using first-order tools. Such transformations do
not accept explicit binding constructs, and therefore, do not apply to rich λ-calculi such
as those considered here. On the other hand, the relationship of these results with
computability deserves investigation.

An original, interesting work is Jones's analysis of the flux of redexes in pure
lambda-calculus [16], and its use for proving termination properties of functional
programs. Whether this method can yield a direct proof of finite developments in pure
λ-calculus should be investigated. We also believe that his method can be incorporated
into the HORPO by using an interpretation on terms instead of a type comparison, as
mentioned in the Conclusion.

Byron Cook, Andreas Podelski and Andrey Rybalchenko [13] have developed a
quite different and impressive method based on abstract interpretations to show
termination of large imperative programs. Their claim is that large programs are more likely
to be shown terminating by approximating them before making an analysis. Note that
the use of a well-founded ordering can be seen as a particular analysis. Although
impressive, this work is indeed quite far from our objectives.

9 Conclusion 

We give here a list of open problems which we consider important. We are ourselves 
working on some of these. The higher-order recursive path ordering should be seen as 
a firm step to undergo further developments in different directions, some of which are 
listed below. 



- Two of them have been investigated in the first order framework: the case of asso- 
ciative commutative operators, and the use of interpretations as a sort of elaborated 
precedence operating on function symbols. The first extension has been carried out 
for the general schema [5], and the second for a weak form of HORPO [11]. Both 
should have an important impact for applications, hence deserve immediate atten- 
tion. 

- Enriching the type system with dependent types, a problem considered by Walu- 
kiewicz [26] for the original version of HORPO in which types were compared by 
a congruence. Replacing the congruence by HORPO recursively called on types as 
done in [21] for a simpler type discipline raises technical difficulties. The ultimate 
goal here is to generalize the most recent versions of the ordering including the 
present one, for applications to the Calculus of Inductive Constructions. 

- HORPO does not contain and is not a well-order for the subterm relationship. How- 
ever, its definition shows that it satisfies a weak subterm property, namely property 
A. It would be theoretically interesting to investigate whether some Kruskal-like 
theorem holds for higher-order terms with respect to the weak subterm property. 
This could yield an alternative, more abstract way of hiding away computability 
arguments. 